459f7ea83f28d3e769eb15f63b2028ce9c1c66d297921891b7c4f94f2a6db638[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

459f7ea83f28d3e769eb15f63b2028ce9c1c66d297921891b7c4f94f2a6db638.exe
Size

1.8MB
MD5

07e31d2b088111edbfb450ecf1969580
SHA1

39b201d12625a1096e72066400f99b36670caa75
SHA256

459f7ea83f28d3e769eb15f63b2028ce9c1c66d297921891b7c4f94f2a6db638
SHA512

fb573d5852a7b561a994e0a009055dd92e62fb63872af8240e438c2c0acc3d54c2af4d8393394072d1304d7fa670029c25af7570d6e7c7ea793b411d705c5f47
SSDEEP

24576:Hp2QujLtjBVNdZaRPEzZmi6tn0CX7bHsMQ4/O6yMLprOInyT/Swl8Mi9:Vu9jJdZ0EzUi6V/XvYMLprznyDSga9

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
459f7ea83f28d3e769eb15f63b2028ce9c1c66d297921891b7c4f94f2a6db638.exe

Files

459f7ea83f28d3e769eb15f63b2028ce9c1c66d297921891b7c4f94f2a6db638.exe
.exe windows:10 windows x64 arch:x64

166be62bd40d6ed590a552de4a74ad73

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

SensorDataService.pdb

Imports

msvcrt

_fmode
__wgetmainargs
free
memmove_s
swprintf_s
wcscpy_s
_snwprintf_s
?what@exception@@UEBAPEBDXZ
??1exception@@UEAA@XZ
_vsnwprintf_s
_wcsicmp
sprintf
realloc
__C_specific_handler
?terminate@@YAXXZ
_amsg_exit
_initterm
_wcsnicmp
_vsnprintf_s
memcpy_s
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@AEBQEBDH@Z
_vsnwprintf
??0exception@@QEAA@AEBQEBD@Z
??0exception@@QEAA@XZ
__CxxFrameHandler3
_unlock
__dllonexit
_onexit
_callnewh
??1type_info@@UEAA@XZ
memcmp
__set_app_type
_CxxThrowException
__setusermatherr
??_V@YAXPEAX@Z
exit
malloc
wprintf_s
_XcptFilter
_cexit
_purecall
_exit
_lock
memcpy
??3@YAXPEAX@Z
memmove
_commode
??8type_info@@QEBAHAEBV0@@Z
memset

api-ms-win-core-string-l1-1-0

CompareStringW

api-ms-win-core-libraryloader-l1-2-0

GetModuleFileNameA
LoadStringW
RemoveDllDirectory
AddDllDirectory
GetModuleHandleExW
FreeLibrary
GetProcAddress
GetModuleHandleW
LoadLibraryExW
GetModuleFileNameW

api-ms-win-core-errorhandling-l1-1-0

RaiseException
SetUnhandledExceptionFilter
SetLastError
GetLastError
UnhandledExceptionFilter

api-ms-win-service-core-l1-1-0

RegisterServiceCtrlHandlerExW
SetServiceStatus
StartServiceCtrlDispatcherW

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-profile-l1-1-0

QueryPerformanceFrequency
QueryPerformanceCounter

api-ms-win-core-processthreads-l1-1-0

GetCurrentThreadId
GetCurrentProcessId
TerminateProcess
GetCurrentProcess
OpenProcessToken

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetSystemInfo
GetTickCount64
GetTickCount

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlCaptureContext
RtlLookupFunctionEntry

api-ms-win-eventing-provider-l1-1-0

EventUnregister
EventActivityIdControl
EventSetInformation
EventRegister
EventWriteTransfer

api-ms-win-service-management-l1-1-0

StartServiceW
CloseServiceHandle
OpenSCManagerW
DeleteService
CreateServiceW
OpenServiceW

api-ms-win-core-handle-l1-1-0

CloseHandle
DuplicateHandle

api-ms-win-core-winrt-l1-1-0

RoInitialize
RoActivateInstance
RoUninitialize
RoGetActivationFactory

api-ms-win-core-synch-l1-1-0

ReleaseSRWLockExclusive
InitializeSRWLock
InitializeCriticalSectionEx
DeleteCriticalSection
OpenSemaphoreW
WaitForSingleObjectEx
AcquireSRWLockExclusive
CreateEventExW
CreateMutexExW
WaitForSingleObject
ReleaseMutex
LeaveCriticalSection
EnterCriticalSection
ReleaseSemaphore
ResetEvent
CreateSemaphoreExW
AcquireSRWLockShared
ReleaseSRWLockShared
SetEvent

api-ms-win-core-registry-l1-1-0

RegCloseKey
RegCreateKeyExW
RegGetValueW
RegNotifyChangeKeyValue
RegEnumKeyExW

api-ms-win-service-management-l2-1-0

ChangeServiceConfig2W
QueryServiceStatusEx

api-ms-win-service-winsvc-l1-1-0

ControlService

api-ms-win-core-winrt-error-l1-1-0

SetRestrictedErrorInfo
RoTransformError
RoOriginateError

api-ms-win-core-com-l1-1-0

CoTaskMemAlloc
CoGetApartmentType
CoTaskMemFree
CoCreateFreeThreadedMarshaler
CoCreateInstance

api-ms-win-core-heap-l1-1-0

HeapAlloc
HeapFree
GetProcessHeap

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
IsDebuggerPresent
DebugBreak

api-ms-win-core-winrt-string-l1-1-0

WindowsCompareStringOrdinal
WindowsIsStringEmpty
WindowsCreateString
WindowsDuplicateString
WindowsGetStringRawBuffer
WindowsCreateStringReference
WindowsStringHasEmbeddedNull
WindowsDeleteString

api-ms-win-core-heap-l2-1-0

LocalFree

api-ms-win-security-base-l1-1-0

GetTokenInformation
CheckTokenMembership
FreeSid
DuplicateToken
AllocateAndInitializeSid

api-ms-win-core-processthreads-l1-1-1

OpenProcess

api-ms-win-core-psapi-l1-1-0

QueryFullProcessImageNameW

api-ms-win-security-sddl-l1-1-0

ConvertStringSecurityDescriptorToSecurityDescriptorW
ConvertStringSidToSidW
ConvertSidToStringSidW

api-ms-win-security-base-l1-2-0

CheckTokenCapability

api-ms-win-core-version-l1-1-0

VerQueryValueW
GetFileVersionInfoSizeExW
GetFileVersionInfoExW

api-ms-win-core-winrt-error-l1-1-1

RoGetMatchingRestrictedErrorInfo

api-ms-win-core-registry-l1-1-1

RegSetKeyValueW

api-ms-win-core-shlwapi-legacy-l1-1-0

PathFindFileNameW

ntdll

RtlSubscribeWnfStateChangeNotification
RtlUnsubscribeWnfNotificationWaitForCompletion

api-ms-win-core-threadpool-l1-2-0

CreateThreadpoolIo
CreateThreadpoolTimer
SubmitThreadpoolWork
CloseThreadpoolIo
CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CreateThreadpoolWork
CloseThreadpoolWait
WaitForThreadpoolWaitCallbacks
CreateThreadpool
WaitForThreadpoolIoCallbacks
SetThreadpoolWait
CreateThreadpoolWait
WaitForThreadpoolWorkCallbacks
StartThreadpoolIo
CancelThreadpoolIo
CloseThreadpool
CloseThreadpoolWork
FreeLibraryWhenCallbackReturns
SetThreadpoolThreadMaximum
SetThreadpoolTimer

api-ms-win-core-namedpipe-l1-1-0

CreateNamedPipeW
ConnectNamedPipe

api-ms-win-core-io-l1-1-0

GetOverlappedResult

api-ms-win-core-file-l1-1-0

WriteFile
ReadFile

api-ms-win-core-kernel32-legacy-l1-1-0

GetNamedPipeClientProcessId

Sections

.text
Size: 835KB - Virtual size: 835KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 358KB - Virtual size: 357KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 37KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 572KB - Virtual size: 576KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

166be62bd40d6ed590a552de4a74ad73

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

api-ms-win-core-string-l1-1-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-service-core-l1-1-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-rtlsupport-l1-1-0

api-ms-win-eventing-provider-l1-1-0

api-ms-win-service-management-l1-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-winrt-l1-1-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-registry-l1-1-0

api-ms-win-service-management-l2-1-0

api-ms-win-service-winsvc-l1-1-0

api-ms-win-core-winrt-error-l1-1-0

api-ms-win-core-com-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-localization-l1-2-0

api-ms-win-core-debug-l1-1-0

api-ms-win-core-winrt-string-l1-1-0

api-ms-win-core-heap-l2-1-0

api-ms-win-security-base-l1-1-0

api-ms-win-core-processthreads-l1-1-1

api-ms-win-core-psapi-l1-1-0

api-ms-win-security-sddl-l1-1-0

api-ms-win-security-base-l1-2-0

api-ms-win-core-version-l1-1-0

api-ms-win-core-winrt-error-l1-1-1

api-ms-win-core-registry-l1-1-1

api-ms-win-core-shlwapi-legacy-l1-1-0

ntdll

api-ms-win-core-threadpool-l1-2-0

api-ms-win-core-namedpipe-l1-1-0

api-ms-win-core-io-l1-1-0

api-ms-win-core-file-l1-1-0

api-ms-win-core-kernel32-legacy-l1-1-0

Sections

.text Size: 835KB - Virtual size: 835KB

.rdata Size: 358KB - Virtual size: 357KB

.data Size: 6KB - Virtual size: 69KB

.pdata Size: 37KB - Virtual size: 36KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 572KB - Virtual size: 576KB

.text
Size: 835KB - Virtual size: 835KB

.rdata
Size: 358KB - Virtual size: 357KB

.data
Size: 6KB - Virtual size: 69KB

.pdata
Size: 37KB - Virtual size: 36KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 572KB - Virtual size: 576KB